Commit ae84e177 authored by Sietse Ringers's avatar Sietse Ringers

Support downloading private keys of demo schemes

parent 35ba6bb1
package irma package irma
import (
"fmt"
"path/filepath"
)
// SchemeManagerPointer points to a remote IRMA scheme, containing information to download the scheme,
// including its (pinned) public key.
type SchemeManagerPointer struct { type SchemeManagerPointer struct {
Url string Url string // URL to download scheme from
Publickey []byte Demo bool // Whether or not this is a demo scheme; if true, private keys are also downloaded
Publickey []byte // Public key of scheme against which to verify files after they have been downloaded
} }
var DefaultSchemeManagers = [2]SchemeManagerPointer{ var DefaultSchemeManagers = [2]SchemeManagerPointer{
{ {
Url: "https://raw.githubusercontent.com/privacybydesign/irma-demo-schememanager/master", Url: "https://raw.githubusercontent.com/privacybydesign/irma-demo-schememanager/master",
Demo: true,
Publickey: []byte(`-----BEGIN PUBLIC KEY----- Publickey: []byte(`-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHVnmAY+kGkFZn7XXozdI4HY8GOjm MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHVnmAY+kGkFZn7XXozdI4HY8GOjm
54ngh4chTfn6WsTCf2w5rprfIqML61z2VTE4k8yJ0Z1QbyW6cdaao8obTQ== 54ngh4chTfn6WsTCf2w5rprfIqML61z2VTE4k8yJ0Z1QbyW6cdaao8obTQ==
...@@ -23,7 +32,7 @@ dpBeCqpDwf+Grrw9ReODb6nwlsPJ/c/gqLnc+Y3sKOAJ2bFGI+jHBSsglg== ...@@ -23,7 +32,7 @@ dpBeCqpDwf+Grrw9ReODb6nwlsPJ/c/gqLnc+Y3sKOAJ2bFGI+jHBSsglg==
} }
func (conf *Configuration) DownloadDefaultSchemes() error { func (conf *Configuration) DownloadDefaultSchemes() error {
Logger.Info("downloading default schemes") Logger.Info("downloading default schemes (may take a while)")
for _, s := range DefaultSchemeManagers { for _, s := range DefaultSchemeManagers {
Logger.Debugf("Downloading scheme at %s", s.Url) Logger.Debugf("Downloading scheme at %s", s.Url)
scheme, err := DownloadSchemeManager(s.Url) scheme, err := DownloadSchemeManager(s.Url)
...@@ -33,7 +42,38 @@ func (conf *Configuration) DownloadDefaultSchemes() error { ...@@ -33,7 +42,38 @@ func (conf *Configuration) DownloadDefaultSchemes() error {
if err := conf.InstallSchemeManager(scheme, s.Publickey); err != nil { if err := conf.InstallSchemeManager(scheme, s.Publickey); err != nil {
return err return err
} }
if s.Demo {
if err := conf.downloadPrivateKeys(scheme); err != nil {
return err
}
}
} }
Logger.Info("Finished downloading schemes") Logger.Info("Finished downloading schemes")
return nil return nil
} }
func (conf *Configuration) downloadPrivateKeys(scheme *SchemeManager) error {
transport := NewHTTPTransport(scheme.URL)
err := transport.GetFile("sk.pem", filepath.Join(conf.Path, scheme.ID, "sk.pem"))
if err != nil { // If downloading of any of the private key fails just log it, and then continue
Logger.Warnf("Downloading private key of scheme %s failed ", scheme.ID)
}
for issid := range conf.Issuers {
// For all public keys that this issuer has in storage, see if a corresponding private key can be downloaded
indices, err := conf.PublicKeyIndices(issid)
if err != nil {
return err
}
for _, index := range indices {
remote := fmt.Sprintf("%s/PrivateKeys/%d.xml", issid.Name(), index)
local := fmt.Sprintf("%s/%s/%s", conf.Path, scheme.ID, remote)
if err = transport.GetFile(remote, filepath.FromSlash(local)); err != nil {
Logger.Warnf("Downloading private key %d of issuer %s failed", index, issid.String())
}
}
}
return nil
}
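Review bot: The loop in `downloadPrivateKeys` ranges over every entry in `conf.Issuers`, not only the issuers of `scheme`, so for issuers of any other installed scheme it also requests `<issuer>/PrivateKeys/<n>.xml` from this demo scheme's URL and would store whatever is returned under `conf.Path/<scheme.ID>/`. Unless `conf.Issuers` is guaranteed to hold only this scheme's issuers at this point (not visible here), skip foreign issuers at the top of the loop, e.g. `if issid.SchemeManagerIdentifier() != scheme.Identifier() { continue }`, or whatever accessor the identifier types provide. Separately, the key files are fetched after `InstallSchemeManager` has checked the scheme against `s.Publickey`, and nothing in the visible lines verifies them against that pinned key, so it is worth confirming that they are covered by the scheme's signature check before they are used. Both `Warnf` calls also drop `err`; appending `: %v` with `err` would make failed downloads diagnosable.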
...@@ -62,7 +62,7 @@ func Initialize(configuration *server.Configuration) error { ...@@ -62,7 +62,7 @@ func Initialize(configuration *server.Configuration) error {
if conf.SchemeUpdateInterval != 0 { if conf.SchemeUpdateInterval != 0 {
conf.IrmaConfiguration.AutoUpdateSchemes(uint(conf.SchemeUpdateInterval)) conf.IrmaConfiguration.AutoUpdateSchemes(uint(conf.SchemeUpdateInterval))
} else { } else {
conf.Logger.Warn("Scheme updating disabled") conf.Logger.Info("Scheme updating disabled")
} }
if conf.IssuerPrivateKeys == nil { if conf.IssuerPrivateKeys == nil {
......
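Review bot: Lowering `Scheme updating disabled` from `Warn` to `Info` makes it easier to miss that this server never refreshes its schemes when `SchemeUpdateInterval` is 0. If scheme updates are how changed or withdrawn issuer keys reach the server (presumably, not visible here), a deployment that filters logs at warning level loses its signal that it is running on frozen scheme data. Consider keeping `conf.Logger.Warn(...)`, or adding a comment on the `else` branch explaining why disabled updates are an expected configuration. The body of `Initialize` continues outside the visible lines.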